Download OpenSSL 1.0.0c / 0.9.8q


OpenSSL is a well-known security program that offers encryption functions. It contains an implementation of the TLS and SSL protocols, with which data can be sent and received encrypted. For more information, please refer to this page. The developers have released new versions, designated 1.0.0c and 0.9.8q. The list of changes since the previous entry in the Meuktracker is as follows:

Changes between 1.0.0b and 1.0.0c:

  • Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie]

Changes between 1.0.0a and 1.0.0b:

  • Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864
  • Fix WIN32 build system to correctly link an ENGINE directory into a DLL. [Steve Henson]

Changes between 0.9.8p and 0.9.8q:

  • Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. Thanks to Martin Rex for discovering this bug. CVE-2010-4180 [Steve Henson]
  • Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie]

Changes between 0.9.8o and 0.9.8p:

  • Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864 [Steve Henson]
  • Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 [Steve Henson]
  • Don’t reencode certificate when calculating signature: cache and use the original encoding instead. This makes signature verification of some broken encodings work correctly. [Steve Henson]
  • ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT is also one of the inputs. [Emilia Käsper]
  • Don’t repeatedly append PBE algorithms to table if they already exist. Sort table on each new add. This effectively makes the table read only after all algorithms are added and subsequent calls to PKCS12_pbe_add etc are non-op. [Steve Henson]
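For triaging installed builds against the changelog above, the following added example (not part of the original page or of OpenSSL) parses an `openssl version` banner and reports which of the CVE fixes listed here a given release predates. The function names and the sample banners are constructed for illustration; the branch-to-fix mapping contains only what this page lists.

```python
import re

# Fix releases copied from the changelog on this page, per branch:
# (patch letter of the first release carrying the fix, CVE id).
FIXED_IN = {
    "1.0.0": [("b", "CVE-2010-3864"), ("c", "CVE-2010-4252")],
    "0.9.8": [("p", "CVE-2010-3864"), ("p", "CVE-2010-2939"),
              ("q", "CVE-2010-4180"), ("q", "CVE-2010-4252")],
}

# Matches the version token in a banner such as "OpenSSL 0.9.8o".
# Suffixed builds ("-beta5", "-fips") are rejected rather than guessed at.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(?=\s|$)")


def letter_rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def missing_fixes(banner):
    """Return the sorted CVE ids from this page whose fix the release predates.

    Returns None when the branch is not covered by this changelog and
    raises ValueError when no plain release version can be parsed.
    """
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no plain OpenSSL release version in %r" % banner)
    branch, letters = match.groups()
    if branch not in FIXED_IN:
        return None
    have = letter_rank(letters)
    return sorted({cve for fixed, cve in FIXED_IN[branch]
                   if have < letter_rank(fixed)})


if __name__ == "__main__":
    # Constructed sample banners, in the shape `openssl version` prints.
    for sample in ("OpenSSL 0.9.8o", "OpenSSL 0.9.8p", "OpenSSL 0.9.8q",
                   "OpenSSL 1.0.0", "OpenSSL 1.0.0b", "OpenSSL 1.0.0c"):
        print(sample, "->", missing_fixes(sample) or "all listed fixes present")
```

Distribution packages often backport security fixes without changing the upstream version letter, so a non-empty result is a prompt to check the vendor's advisory rather than proof that the build is unpatched.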

Version number: 1.0.0c / 0.9.8q
Release status: Final
Operating systems: Windows 7, Windows 2000, Linux, BSD, Windows XP, macOS, Solaris, UNIX, Windows Server 2003, Windows Vista, Windows Server 2008
Website: OpenSSL
License type: Conditions (GNU/BSD/etc.)